
Comment by jzemeocala

3 days ago

I bought an Alesis QS8.1 super cheap in perfect condition (was a top grade digital piano/synth in the 90s).

And then I realized that ALL of the software (which I collected from defunct websites and archived on GitHub) related to it was ancient, and after a while of getting tired of using WINE every single time I decided I wanted a cross-platform modern equivalent that did everything that several of these different programs did (plus break out some stuff that was now potentially possible with a modern computer).

I thought it would be extremely hard because the computer-to-synth communication is pretty much only via sysex commands (of which the actual wave file encoding protocol was undocumented).

Claude walked me through examining some of the original software in GHIDRA, and I had a working demo that night... now I'm just playing with adding new features to it.

Related story, while applying a firmware update to my Kawai CA49 piano, I bricked it due to flashing the wrong file (The process was broken, and I got desperate and tried something stupid, which bricked the piano). Claude walked me through looking for signs of life, and since OTA from the phone app wasn't working for me, it downloaded the Kawai Android APK, decompiled the Java, figured out the hardcoded key used for encrypting the firmware update. Extracted the piano firmware update, decrypted it, and then wrote a flashing script to program the piano from my laptop via bluetooth. My piano was back to working within an hour.

  • I can't imagine where we are headed. You understand every step of what it did and can appreciate the complexity but it'll only take a few generations for this to become something like magic to the tech priests beseeching the machine spirits for blessings

    • I think you're overestimating how much the average person knows about how technology operates today, or 30 years ago, or 1000. In some sense, we have been living with magic and tech priests since the Romans built the aqueducts. I wouldn't be surprised if widespread, cheap AI makes it easier for the average person to learn how things around them work, if they are so inclined.


    • If religion and human technology are any guide, there will be a lot of this but it will never be the entire sum of human activity. Some of us are just too damn curious. We go straight for the curtain. I refuse to believe that very human pattern won’t continue.

    • "In the distant future, humans live in a computer-aided society and have forgotten the fundamentals of mathematics, including even the rudimentary skill of counting.

      The Terrestrial Federation is at war with Deneb, and the war is conducted by long-range weapons controlled by computers which are expensive and hard to replace. Myron Aub, a low grade Technician, discovers how to reverse-engineer the principles of pencil-and-paper arithmetic by studying the workings of ancient computers which were programmed by human beings, before bootstrapping became the norm—a development which is later dubbed "Graphitics"." [1]

      [1] https://en.wikipedia.org/wiki/The_Feeling_of_Power


    • I've been writing code since my teens, I've studied assembly... yet the fact that _things_ start happening when I press the power button on my computer are pure magic to me and I like it this way.

      I started digging a few times, but, I prefer the "magic".


    • I think it will be just like Dr. Know in Spielberg's "AI" movie from 2001 — I found it amazing how the oracle, though giving mystic-sounding obfuscated answers, was actually intelligent enough to figure out (a) what the kid was asking for and (b) give the correct answer.


    • Kids grew up on this man, they are master prompters. You’ll be asking them to fix your holoTV and your crypto phone when you’re too old to read the brainfuck.

    • Honestly, don't think so. That's certainly the path one might extrapolate if the next generation grows up exactly the same way as the current generation, but that's not how it works.

      They will be exposed to this technology throughout childhood as their brains develop and they will develop unique ways to work with it we don't entirely understand, just like GenY with cell phones and GenX with home computers. I think you deeply underestimate how adaptable we are as a species, but if you consider that we've been running the same OS and BIOS as a species for the past ~40K years, perhaps you might be more optimistic?


    • Give it six more months and you'll have a second "oh shit" moment when you peek behind the curtain of LLMs shitting the bed.

      I guess tech unsavvy people who are easily amused by LLM tricks will always exist, but they'll be an increasingly smaller minority as time goes on.

Yes, those tools are extremely good at reverse engineering. With a bit of know how, it is now trivial to reverse engineer any protocol or crack any software, often in a matter of hours or less.

A lot of people in the industry have vested interests in this not being discussed openly so you don't hear too much about it, but the implications are huge.

  • What are some of the implications? Where does widely available mythos-level hacking lead? By people with a vested interest, do you mean non-cloud software vendors?

    • Software that had a data moat because it was hard to integrate with or migrate off of will have that moat disappear. A web site is a client now. Building data migration tooling for all of your competitors is easier now.


    • Right now, software is protected by the attacker not having enough competence. If that's over, the logical next step is using real encryption.

      E.g. a synth has a public key embedded. To change settings, you upload them to the vendor, who blesses them with their private key.

      Hacking such a synth requires either jailbreaking the synth, or the vendor losing their key. Both can be mitigated with tamper-resistant hardware.

      We're well ahead on this path already; I assume AI will accelerate it. This is very bad news for the right to repair.


    • I think companies with valuable data to scrape (e.g. media companies) will eventually lock it behind APIs that verify Apple App Attest or Google Play Integrity. And deprecate websites which are easily scraped too. Then it will be useless to reverse engineer APIs used by apps and we will have to run the unmodified client on an unmodified OS.

  • Some people even had some fun de-minifying JS and disassembling binaries. Successfully.

  • It wouldn't surprise me if reverse engineering is put on the "highly unsafe" list in the near future in the same category as bio because of these interests. Can't have the cattle classes be able to control their own property now can we?

    • This is pretty much a given anyway. Making reverse engineering tools is already likely to get you sued by someone so model makers are apt to slow down the ability of their tools to reverse engineer to avoid the lawsuits themselves.

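The "vendor blesses the settings" design in the reply above (public key embedded in the synth, settings uploaded to the vendor and signed with the vendor's private key) is a signing scheme rather than encryption, and it is small enough to write out. The following is an added example, not code from any commenter, vendor or project on this page: it models both sides of that exchange with Ed25519 from Go's standard library. The wire format (a 2-byte length, the settings bytes, a 64-byte signature), the domain tag and the binding of each signature to a device serial are assumptions made here; the serial binding goes beyond the comment, so that a blob blessed for one unit is refused by every other unit.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed model of the vendor-blessed settings scheme from the thread:
// the device carries only the vendor's public key, the vendor signs each
// settings blob with its private key, and the device applies a blob only if
// that signature verifies. Wire format, domain tag and serial binding are
// assumptions made for this example, not a real vendor's protocol.

const sigLen = ed25519.SignatureSize // 64 bytes

var ErrBadSignature = errors.New("settings rejected: vendor signature does not verify")

// Encode packs a blob as [uint16 big-endian settings length][settings][signature].
func Encode(settings, sig []byte) []byte {
	out := make([]byte, 2+len(settings)+len(sig))
	binary.BigEndian.PutUint16(out, uint16(len(settings)))
	copy(out[2:], settings)
	copy(out[2+len(settings):], sig)
	return out
}

// Decode validates the framing before any cryptography runs.
func Decode(blob []byte) (settings, sig []byte, err error) {
	if len(blob) < 2+sigLen {
		return nil, nil, errors.New("blob too short")
	}
	n := int(binary.BigEndian.Uint16(blob))
	if len(blob) != 2+n+sigLen {
		return nil, nil, errors.New("length field does not match blob size")
	}
	return blob[2 : 2+n], blob[2+n:], nil
}

// signedMessage is what the vendor actually signs: a domain tag, the target
// device's serial (assumed printable, no NUL bytes), and the settings. Binding
// the serial means a blob blessed for one unit is rejected by every other unit.
func signedMessage(serial string, settings []byte) []byte {
	msg := []byte("synth-settings-v1\x00" + serial + "\x00")
	return append(msg, settings...)
}

// NewVendorKey generates the vendor's Ed25519 key pair. In the real scheme the
// private half never leaves the vendor; the device ships with only the public half.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// VendorBless is the vendor side: it returns a blob the named device will accept.
func VendorBless(priv ed25519.PrivateKey, serial string, settings []byte) []byte {
	return Encode(settings, ed25519.Sign(priv, signedMessage(serial, settings)))
}

// Device is the synth side. It holds no secret at all, only the vendor's public key.
type Device struct {
	Serial    string
	VendorPub ed25519.PublicKey
	Current   []byte // settings currently in effect
}

// Apply installs a blob only after the vendor signature verifies for this serial.
func (d *Device) Apply(blob []byte) error {
	settings, sig, err := Decode(blob)
	if err != nil {
		return err
	}
	if !ed25519.Verify(d.VendorPub, signedMessage(d.Serial, settings), sig) {
		return ErrBadSignature
	}
	d.Current = append([]byte(nil), settings...)
	return nil
}

func main() {
	pub, priv := NewVendorKey()
	dev := &Device{Serial: "QS8-0001", VendorPub: pub}
	settings := []byte{0x01, 0x7F, 0x40, 0x00} // constructed patch bytes

	fmt.Println("vendor-blessed:", dev.Apply(VendorBless(priv, dev.Serial, settings)))

	tampered := VendorBless(priv, dev.Serial, settings)
	tampered[3] ^= 0x01 // owner edits one settings byte after the fact
	fmt.Println("tampered:", dev.Apply(tampered))

	_, ownerPriv := NewVendorKey() // the owner's own key is just a wrong key
	fmt.Println("owner-signed:", dev.Apply(VendorBless(ownerPriv, dev.Serial, settings)))

	other := &Device{Serial: "QS8-0002", VendorPub: pub}
	fmt.Println("replayed on another unit:", other.Apply(VendorBless(priv, dev.Serial, settings)))
}
```

Two things the example makes concrete. First, nothing is secret on the device, so reverse engineering the firmware gains an owner nothing: every rejected path above (edited bytes, owner-generated key, blob lifted from another unit) fails for lack of the vendor's private key, not for lack of understanding. Second, that is exactly the right-to-repair problem the comment raises: the only ways to change settings without the vendor are to replace the embedded public key, which is what jailbreaking amounts to and what tamper-resistant hardware is meant to prevent, or to obtain the vendor key.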

>Claude walked me through examining the some of the original software in GHIDRA,

I wanted to be able to decrypt the files on The Complete New Yorker magazine DVDs. The old software was WinXP only, and crashed by the time you turned to page 3 or 4. It walked me through using Ghidra on the relevant dll, mapped out how it was using Blowfish, what the credentials were that it was passing, and re-implemented all of that in a python script.

Now all the files are in plain pdf.

Right now, it's helping me write an extension to the mkv specification for embedded scripts and modify VLC to be conformant, so I can watch Black Mirror Bandersnatch. Already have a buggy implementation, about 3 days in.

I've also had it add BEP 46 mutable torrent functionality to Transmission (and to some extent, to the WebTorrent library).

These are all well beyond my abilities to do casually, and probably beyond my ability to do even if I spent the next 18 months doing nothing but grinding away at it.

I only replied because I thought it curious that Claude apparently favors Ghidra.

  • Interestingly enough, I've been sitting on a project for the last 12ish years where I just took the FMloader lib and used that from C# to turn the djvu files into pdfs. All that was needed was a decompiler and an hour of banging my head on it. I published some of the results a few years ago but need to go back and actually build out a full app.

    • I'm trying to not do the naive pdf creation, where each page is just the raster. Trying to keep the JBIG2 bilevel, as I get better quality at lower file size. Using jpeg2000 too, where appropriate, but the pdfs are still x2.5 the size of the original. Though, I can have it spit out decrypted djvu files that are exactly the same filesize... I just don't like that format for archival.

      If you want the Rolling Stone or Playboy archives decrypted, ReconSuave on github has tools to do those. I got tired of waiting for him to do The New Yorker though.


  • Ooooh, you don't happen to have the code for the New Yorker decryption in a form you could send, do you? Or put up on github or even just give me the starting prompt…

    • Okay, a couple of hours later…thanks for the hint as that's fucking dark magic ;) and I now have access to the entire New Yorker again after around 15 years :)


  • What was your setup for this and did you have any preferences set in Claude to get started with something like this?

    • I use Claude on the desktop, and only occasionally Claude Code. It's the one that recommended Ghidra. Walked me through the install. Taught me the basics (G to go to an address, etc). Would tell me where to go, and what to paste back to it. It eventually converged on where to find the IV and credentials and so forth (after acting confused for a while), and then wrote the python script for me that decrypts. I'd like to think my questions (and challenges to its assertions) were intelligent enough to spur it towards the solution, but self-flattery is all that is.

      The dll in question was pretty obvious just from the filename alone that it was where the magic happened.

      If you want something similar, you might just start by asking it if it would be feasible to decompile the software in question to reverse engineer the decryption, that you'd heard Ghidra was a big deal. Keep nudging it to guide you along that sort of path.

I would be interested to learn a bit more on the how after reading also [0] and the work done on patching the Ableton Move firmware with Schwung [1]. Slightly different, but there is an increasing amount of work done on both old hardware and new hardware exploring patching, swapping or developing new firmware from scratch thanks to LLM/GenAI currently.

[0] https://mforney.org/blog/2026-05-28-patching-my-guitar-amps-... [1] https://schwung.dev

  • Schwung is great. See also the recent new firmware for the Elektron Monomachine (old unsupported hardware) created using LLMs

I had that keyboard! I actually really like the piano-ish touch. I remember being sad though, when I realized they’d crammed all the sounds into I think 16MB (or was it 8?) and realizing how bad that was even by the late 90s! I think I still have mine in the garage somewhere… good times!

  • You mean bad because they could have used a larger memory module and thus higher resolution sound samples?

  • I loved mine. Had it since the 90s, working perfectly.

    One day a few years ago my dad came by and was admiring it (it was a QS8) and asked to borrow it so he could play piano again.

    I, of course, said sure, but was feeling a little salty about it inside, because I wanted it to play, that's why I had it all set up.

    Anyway, about a year went by and I asked him about it to see if he was done with it.

    He said "oh that thing? I gave that away, was just taking up space"

    -.-

With stuff like this, do you honestly not feel that you've probably been tricked and that someone else actually did this?

Don't get me wrong, I think AI can do some surprising things, but with stuff like this, often it just stole the code and the steps without attribution, it didn't figure it out.

There'll probably be a blog post detailing exactly how to do this somewhere and Claude just copied the steps and code.

And worse, Google search would have found it 10 years ago, but Google search today would claim there are no results?

I think incredibly specific stuff like this often won't pass the 'did Claude just steal this?' test when you dig into it.

  • I appreciate where you’re coming from but no, I don’t believe so. I have had Claude do some incredible reverse engineering on very proprietary niche firmware blobs that aren’t generally available to the public. One of the really interesting reasons why I don’t believe that it’s simply regurgitation but rather iterative novel synthesis is because of the dead ends and blind alleys that led to success. It feels a lot more like “Claude has read every tutorial on Ghidra and Radare2, and has memorized the ARM architecture and datasheets for all of these microcontrollers”. Misidentifying, say, which subfamily of processors it is based on the IVT, only to course correct when I give it the VID/PID of the device booted into DFU mode.

    One piece of gear, Claude found a hidden and highly useful diagnostic screen. This took a few iterations too. It found the existence of it based on just running “strings” against the firmware image but needed a few rounds of me going “I tried what you suggested but this is what happened instead”. Searching Google, DuckDuckGo, and GitHub for any of the strings that were on that screen or any of the named constants associated with that screen in reverse engineered source led to exactly zero hits.

    More entertaining, Claude and I together also nailed down the source of a PTP synchronization bug in a piece of equipment a few months ago using the main UI .exe (written in pascal, of course), an ARM Linux image from the real-time controller in the box, and some pcaps from it interacting with other devices. The vendor released a patch a few days ago, without me having reported the bug.

  • It was probably done on a foreign language on an archived forum. Claude is the improvement of the internet search box.

    • I take it….

      Improvement over all the assholes that tell you „just google it” after you spent two days hitting the wall.

While not the "oh shit" moment, the wave has the same shape.

I have a DigiTech GNX3000 effects pedal board - a digital modeling "workstation" that needs the aged Windows native software or Gdigi to make the most of.

At best, the experience with gdigi was passable; raw access to the patches and controls, the ability to control it from the laptop, etc.

In an hour or so, I had a functionally superior webmidi version up and running in Vercel using their v0 code. It kicked off a wave of subscriptions and referral chasing.

I made it a template - because there are so many gnx3k users out there: https://v0.app/templates/digitech-gnx3000-sysex-tool-GC5LzXA...

That's fantastic. Did you use a Ghidra MCP server? It's kind of magical huh?

  • I've done a similar sort of thing with my camera lens' firmware updater just out of curiosity, and I didn't use any kind of MCP. It's able to write an automated script using the Ghidra API to decompile the program just fine, and then code exploration can be done by reading the code.

    Claude needs good variable names a lot less than humans do, so renaming/typedefing doesn't seem to be as necessary.